Hackers gain access to security cams in Tesla and beyond

Widespread hacking continued to be on everyone's mind this week, while numerous companies and organizations continued to deal with a slew of big hacks. Now that Microsoft's patches have been out for a while, a variety of nation-state and criminal actors are becoming more aggressive about exploiting a series of Microsoft Exchange Server bugs that have already been exploited by the Chinese group Hafnium. The White House, meanwhile, is considering a response to Russia's recent, sensational SolarWinds espionage campaign, which jeopardized data at numerous US government agencies and private companies around the world. For the Biden administration, the risk is that excessive retaliation could defy norms and be considered hypocritical, as the US and virtually every other government engage in digital espionage.

Criminal hackers also continued their extortion over the breach of network equipment and firewall maker Accellion. The world of digital chess is in turmoil and beset by digital harassment over accusations from a Twitch and YouTube chess star that an emerging challenger cheated in a match that the master lost. And Google researchers have developed a proof-of-concept browser exploit to raise awareness about the threat that speculative execution attacks, such as those exploiting the infamous "Spectre" vulnerability, still pose to the web three years later.

The privacy-focused Brave browser this week launched its own search engine, designed to take on Google without sucking up so much user data. And we took another look at the five best password managers currently in use. Now is a good time to sharpen up, especially since Netflix may be able to crack passwords.

And there is more! Every week we round up all the news we have not thoroughly discussed. Click on the headings to read the full stories. And stay safe out there.

Hackers on Monday breached video surveillance services company Verkada, Bloomberg reported, gaining access to a "superadmin" account that allowed them to view more than 150,000 live feeds, as well as video archives of Verkada's customers. Exposed organizations included prisons, schools and hospitals (such as Madison County Jail in Huntsville, Alabama and Sandy Hook Elementary School) as well as technology companies such as Tesla and Cloudflare. More than 100 Verkada employees had access to thousands of customers' streams, an additional surprising and probably disturbing revelation for the customers. Tillie Kottmann, a hacker who claimed responsibility for the breach, said in a Mastodon post on Friday that officials raided their apartment in Lucerne, Switzerland, and confiscated their electronic devices. The search warrant apparently relates to a suspected hack from last year and not to the Verkada breach.

Security researchers warned this week that complete, public proof-of-concept exploits for the recently disclosed Microsoft Exchange Server vulnerabilities would further fuel a hacking frenzy that has been escalating over the past few days. Independent security researcher Nguyen Jang on Wednesday posted one such exploit on the code-hosting platform GitHub. Within hours, GitHub removed the post. The incident caused controversy in the security community because Microsoft owns both GitHub and Exchange Server. The idea that a corporate giant could police content on GitHub, or otherwise affect the open source community, caused great controversy during Microsoft's acquisition of the service.

“We understand that the publication and dissemination of a proof-of-concept exploitation code has educational and research value for the safety community, and our goal is to balance the benefit by keeping the broader ecosystem safe,” a spokesman from GitHub told Motherboard on Thursday. “In accordance with our Acceptable Use Policy, we have eliminated the core of the following reports as containing evidence of draft code for a recently disclosed vulnerability that is being actively exploited.”
